Saturday, August 13, 2016

“We love talking to our fellow democrats, but not on our cell phones or via our private email.  (Except when we use it instead of the government issued one?)”
The Smoking Gun reports:
After disappearing for a couple of weeks, the hacker “Guccifer 2.0” returned late this afternoon to provide a new headache for Democrats.
In a post to his WordPress blog, the vandal–who previously provided nearly 20,000 Democratic National Committee e-mails to Wikileaks–uploaded an Excel file that includes the cell phone numbers and private e-mail addresses of nearly every Democratic member of the House of Representatives.
The Excel file also includes similar contact information for hundreds of congressional staff members (chiefs of staff, press secretaries, legislative directors, schedulers) and campaign personnel.
Read more on TSG.
[From the article: 
Along with the Excel file, “Guccifer 2.0” also uploaded documents that included the account names and passwords for an assortment of subscription services used by the DCCC, from Lexis-Nexis to Glenn Beck’s web site (password: nutbag).  [See the other Glenn Beck article, below.  Bob] 


Data scraping, but who benefits? 
Ethan Baron reports:
Data thieves used a massive “botnet” against professional networking site LinkedIn and stole member’s personal information, a new lawsuit reveals.
The Mountain View firm filed the federal suit this week in an attempt to uncover the perpetrators.
“LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information,” said the company’s complaint, filed in Northern California U.S. District Court.
Read more on Silicon Beat.
[From the article:
“This was not an attack or data breach where confidential data was stolen,” LinkedIn’s legal team said in a statement.  This suit is about unknown entities using automated systems to scrape and copy data that members have made available on LinkedIn, violating the law and our Terms of Service.”


In November 2012 the Governor claimed they were in compliance with security standards but the hack could not have been prevented.  Looks like they are trying to prevent hacks but still don’t know much about what happened? 
Tim Smith reports:
Four years after South Carolina’s tax agency suffered the worst data breach in state history, 5 million attempts are made each week to gain unauthorized access to state government computers, which hold vast amounts of personal data belonging to taxpayers, employees and members of the public.
[…]
Four years later, the state has made a myriad of cyber security improvements but the culprits of the DOR breach have not been captured.
“It is still a very active and open investigation,” Thom Berry, a spokesman for the State Law Enforcement Division, told The News.  “We recently discussed the matter with our federal partners and they assured us they too have a very open and active investigation on the matter.”
Read more on Greenville Online.
[From the article:
Before any employee has access to a DOR computer system, Reames said, they have to go through nationally-accredited security training, including testing on phishing, privacy issues and data classification.  Existing employees have to be re-certified each year . There also are mock security drills, penetration testing and phishing email tests.
The agency also hired a chief information security officer who reports directly to the agency’s director.  An internal auditor also now reports to the director.  [That’s rather strange.  Bob] 


A change of mind or something else?
PrivacySOS writes:
In June, the Government Accountability Office released a report criticizing the FBI’s facial recognition programs as privacy invasive, untested, and secretive.  The GAO report got a decent amount of coverage, particularly in the independent and tech press.  Included in the report was a map showing which states had agreements with the FBI’s FACE Unit to share mugshots and drivers license images for facial recognition scans, and which states were “under negotiations” with the FBI to establish such agreements. Massachusetts was listed among the latter states (see below).  That was the first I’d ever heard of the Massachusetts RMV engaging in negotiations to share drivers license images with the FBI.  Alarmed, I filed a public records request with the Massachusetts Department of Transportation to learn more about these negotiations.
Then something bizarre happened. 
On August 3 2016, the GAO published a modified version of its report.  The only thing in the report that changed was Figure 4, the map revealing that states including Massachusetts were involved in negotiations with the FBI, presumably to allow the Bureau to begin performing facial recognition searches of state RMV records.  The map initially stated that 18 states, including Massachusetts, were involved in these negotiations.  The “corrected” map (see below) says there are “no negotiations underway” in these 18 states—a 180 degree reversal. 
Read more on PrivacySOS.


For my IT Architecture students.
McKinsey – Policy in the data age
by Sabrina I. Pacifici on Aug 12, 2016
“The tremendous impact that digital services have had on governments and society has been the subject of extensive research that has documented the rapid, extensive adoption of public-sector digital services around the globe.  We believe that the coming data revolution will be even more deeply transformational and that data enablement will produce a radical shift in the public sector’s quality of service, empowering governments to deliver better constituent service, better policy outcomes, and more-productive operations.”


Perspective. 
This is what happens on the Internet in 60 seconds


Expect more of this in a world where prominent journalists are frequently caught making up part or all of their stories. 
Judge: Glenn Beck must disclose his marathon bombing sources
Glenn Beck must disclose the names of confidential sources he used while reporting that a Saudi Arabian student was involved in the Boston Marathon bombing, a federal judge ruled in a case being closely watched by First Amendment activists and news organizations.
The ruling by U.S. District Judge Patti Saris came Tuesday in a defamation lawsuit filed by Abdulrahman Alharbi, who was injured in the 2013 deadly bombing.
Saris said the conservative commentator must disclose the identities of at least two U.S. Department of Homeland Security employees who allegedly gave Beck’s associates information supporting Beck’s claim that Alharbi was the attack’s “money man.”
The judge acknowledged that her decision could raise First Amendment concerns, but she said documents she ordered did not show that Alharbi funded the attack.
   Saris agreed with Alharbi’s contention that “the only way to verify or confirm what the confidential sources told the defendants would be to speak with the sources themselves.”  She noted that the deposition testimony of Beck’s associates “is vague and often contradictory.”
Alharbi therefore “has a strong need for the sources’ identities to meet his burden of demonstrating that the defendants did not act with the proper standard of care in their reporting,” Saris wrote.


Does this mean on-demand rides have arrived? 
Lyft Rebuffs Acquisition Approach from GM
General Motors in recent weeks told Lyft it was interested in acquiring the company, according to a person briefed on the situation.  After soliciting other potential strategic acquirers, Lyft rebuffed GM’s approach and decided to raise a new funding round instead, according to two people.
GM mentioned a price it was willing to pay but that amount couldn’t be learned, and it’s unclear who initiated the conversation.  GM paid $500 million for a 9% stake in Lyft at the start of the year, valuing the company at $5.5 billion.  GM’s president sits on Lyft’s board of directors. The bid signals GM’s seriousness about increasing its investment in ride-sharing, as Lyft would likely require billions of dollars in further investment.  Lyft trails Uber by a wide margin overall in terms of market share in the U.S.


Saturday reading.
Hack Education Weekly News
   Ugandan parliament orders Bridge Academy schools closed,” according to Education International.  “In a sweeping move, the for-profit school chain has been told to lock its doors after parliament demanded it halt operations in response to its failure to meet educational and infrastructure standards.”  The company – funded by Mark Zuckerberg, Bill Gates, Pearson, Learn Capital, and others – says it will remain open.
   Via The New York Times: “Ahmed Mohamed, Boy Handcuffed for Making Clock, Is Suing.”
   Via the Dallas Morning News: “Professors who ban guns in their classrooms will be punished, UT lawyer says.”
   Vermont schools have more computers than students, says the Burlington Free Press.
   “The University of Melbourne has moved to allay privacy concerns amid revelations it is tracking students through their wi-fi usage,” says The World Today.  “The university said the practice, which looked at where people were moving around campus, helped institutions improve retention rates and the experience of students.”

Friday, August 12, 2016

Is this another “shortcut” some VW engineer tried to get away with?
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ A New Wireless Hack Can Unlock 100 Million Volkswagens
In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years.  But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too.  And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.
   The researchers found that with some “tedious reverse engineering” of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles.  By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car.


The author is talking of many things, but these “rules” stand out!  It’s another way of saying that we have to re-learn basic security practices every time something new cones along.
The Internet of (insecure) Things and other inside observations from the Black Hat hackers conference
If there are common threads in our adoption of any new technology, they would most likely be:
  • We often adopt it before we fully understand the security implications.
  • Our bad habits from legacy technologies are highly portable.
  • We don’t avail ourselves of the new and/or improved security capabilities that are part and parcel of new technology.


Clever.  Possibly true.  So what?  So my Computer Security students should have evidence to refute this claim? 
Andrew C. Glass, David D. Christensen and Matthew N. Lowe of K&L Gates write:
With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common.  A critical issue in nearly all data breach litigation is whether a plaintiff has standing to pursue claims—especially where there is no evidence of actual fraud or identity theft resulting from the purported data breach.  The plaintiffs’ bar has pursued a litany of legal theories in the attempt to clear the standing hurdle, including the recent theory of “overpayment” (a/k/a “benefit of the bargain” theory).  Under this theory, the plaintiff alleges that the price for the purchased product or service—whether sneakers, restaurant meals, or health insurance—included some indeterminate amount allocated to data security.  Depending on how the theory is framed, the purported “injury” is either that the plaintiff “overpaid” for the product or service, or that the plaintiff did not receive the “benefit of the bargain,” because the defendant did not appropriately use the indeterminate amount to provide adequate data security.  Despite plaintiffs’ attempts to establish standing through this novel theory, courts have limited its applicability in a variety of ways discussed below.
Read more on Lexology.


Important enough to take 9 years investigating, but not important enough to do anything about?  Something a little fishy here? 
I have been following this case from the beginning and wondering why the heck HHS didn’t come down on Walgreens like they did on their competitors CVS and RiteAid.  And now we learn that OCR just closed the case with no penalty?  Seriously?  So CVS and RiteAid get clobbered by both the FTC and HHS/OCR, and Walgreens…. nothing other than throwing the issued into a larger environmental case?
WTHR, who first made the public aware of the problem with Walgreens’ privacy and data security, reports:
A decade after WTHR exposed the county’s largest pharmacy chains failed to protect their customers’ sensitive healthcare information, 13 Investigates has learned government regulators have quietly closed their investigation into improper trash disposal practices by Walgreens.
The government’s decision – announced in an e-mail to WTHR – means Walgreens will not face any federal penalty despite repeatedly violating federal law and jeopardizing customer privacy in the same manner that resulted in record-setting fines against its largest competitors.
Read more on WTHR, who did a tremendous public service via their original investigative reporting in 2006, and their follow-ups on this issue.  It’s a damned shame that OCR did not impose a monetary penalty as a reminder to entities that disposal of paper records matters.


Does the government like covering agencies whenever possible or is there something really embarrassing this time?  (One system for employees & contractors, one for vendors, one for the environments they “protect.”  That leaves me 27 systems short?) 
EPA conducts, will not release, cyber audit
Citing privacy concerns, the Environmental Protection Agency will not be releasing an Inspector General’s report discussing cybersecurity.
An “At A Glance” summary of the report says an audit of the agency’s computers found 30 systems with personally identifiable information.


So now we can can’t can can’t can block ads!
Adblock Plus has already defeated Facebook's new ad blocking restrictions


Disintermediation?  What a concept!
This Company Wants to Disrupt Ticketmaster's Tight Grip on Your Favorite Events
   SeatGeek, founded in 2009, carved a niche as a search engine to help customers find the best deals among tickets being sold and resold online, as well as a place for electronic tickets to safely change hands (or mobile devices, rather) without fraud worries.  Today, the company has announced SeatGeek Open, its official entry into primary sales that aims to eventually compete with the ticketing industry’s biggest players.
Overall, SeatGeek’s goal is to open up the marketplace (despite the fact that Ticketmaster is trying to keep it as closed as possible).  Its key differentiator lies in its open-source technology, which will allow artists, teams, venues and the like to present and sell available tickets directly via social media and ecommerce.


A response to those slow chipped credit cards?  Will every (large?) company want its own payment App? 
CVS Pharmacy launches its own mobile payments and loyalty solution, CVS Pay
   Currently, customers have to either present their physical CVS rewards card at the register, or they have to say their name and birthday in order for the store associate to look up their account information.  Then, after their purchases and prescriptions are run up, they have to pay.  (And thanks to the slow-to-process chip cards, this, too, takes time.)


Perspective.  HPE is becoming a player in the super computer market? 
Hewlett Packard Enterprise acquires SGI for $275 million


For my students who get outdoors?
Printable USGS PDF Quads A Quick, Easy, Free way to Download any Quad in the Country
by Sabrina I. Pacifici on Aug 11, 2016
“National Geographic has built an easy to use web interface that allows anyone to quickly find any quad in the country for downloading and printing.  Each quad has been pre-processed to print on a standard home, letter size printer.  These are the same quads that were printed by USGS for decades on giant bus-sized pressed but are now available in multi-page PDFs that can be printed just about anywhere.”

Thursday, August 11, 2016

My Computer Security students should memorize this. 
Beneath the Surface of a Cyberattack: A Deeper Look at Business Impacts
Deloitte identifies 14 business impacts of a Cyberattack...
   “Beneath the surface of a cyberattack” was created by Deloitte Advisory’s Cyber Risk practice in tandem with the organization’s leading forensic and investigations, and business valuation services.  Looking at two samples cyberattack scenarios, the report demonstrates a model to quantify potential damage, and identifies 14 business impacts of a cyber incident as they play out over a five-year incident response process.  The scenarios illustrate some of the many ways a cyberattack can unfold and both clearly illustrate that the road to business recovery can be far more drawn out, more complex, and more costly than imagined.
Above the surface: well-known cyber incident costs
  • Customer breach notifications
  • Post-breach customer protection
  • Regulatory compliance (fines)
  • Public relations/crisis communications
  • Attorney fees and litigation
  • Cybersecurity improvements
  • Technical investigations
Below the surface: hidden or less visible costs
  • Insurance premium increases
  • Increased cost to raise debt
  • Operational disruption or destruction
  • Lost value of customer relationships
  • Value of lost contract revenue
  • Devaluation of trade name
  • Loss of intellectual property (IP)


This assumes that criminals will cooperate? 
Thailand to make tourists use traceable SIM cards
Foreign tourists in Thailand will be required to use a special SIM card for their mobile phones that could be used to track their movements during their stay, the telecom regulator said on Tuesday.
This SIM card has been specially programmed to transmit information about its whereabouts once it is inserted in the phone.  This function cannot be turned off when the SIM is in use.
All foreigners in Thailand, excluding expats with permanent addresses, will be required to purchase the special card, Thakorn Tantasith, secretary general of the National Broadcasting and Telecommunication Commission said.
"It will benefit the government authority by being able to trace the location of tourists who have illegally extended their stays or criminals who have fled to Thailand to escape," he said.  It will also be easier to track tourists who stay in multiple locations during their stay, he added.
But in order to obtain the tourists' locations, police and any authority will need a court order.  If a telecom operator reveals information without a court order, its officials will be penalized with a five-year jail term.  "If the tourist has not done anything wrong, there's nothing to worry about to begin with," Thakorn said.


How brotherly, how Big, Big Brotherly.
Joe Cadillic writes:
DHS’s Hometown Security Initiative (HSI) encourages businesses to spy on Americans.  DHS admits to working closely with the private sector.
HSI’s four parts ConnectPlanTrain, and Report are designed to encourage spying on Americans.
I’ll let you read the rest on Joe’s newly redesigned blog, but want to highlight something he wrote:
Businesses and landlords are doing there part to keep Americans in fear. DHS and the FBI survive on fear, their budgets depend on Americans being suspicious of everyone and everything.  Where does the lunacy end?

(Related) Are Apps like this useful without violating privacy?
You Can Help Fight Human Trafficking With This App
While much of it may be dedicated to cat videos and trolling, there is no doubting the internet’s positive and collective power.  TraffickCam takes all of these elements and puts it toward an important cause: using the power of crowdsourcing to fight human trafficking.
So how does it work?  Accessible on the go with iOS and Android apps or through its website, TraffickCam is calling on travelers to upload photos of your hotel rooms.  Whenever you travel, by taking up to four photos of the room you’re staying in, you are contributing to a database that will help in the prosecution of human traffickers.


Interesting.  Still not the same as the Kim Dotcom case.
Last December a Virginia federal jury ruled that Internet provider Cox Communications was responsible for the copyright infringements of its subscribers.
The ISP was found guilty of willful contributory copyright infringement and ordered to pay music publisher BMG Rights Management $25 million in damages.
The verdict was a massive victory for the music licensing company and nothing short of a disaster for Cox.
   In the verdict, the court upholds the conclusions of the jury.  Among other things, it rules that there is sufficient evidence for a jury to conclude that Cox is responsible for the infringements that occurred on its network.
The fact that the ISP chose not to forward BMG’s notices and settlement requests to its customers to protect them from extortion-like practices, doesn’t change this.
“Whether or not Cox’s effort to protect its customers from Rightscorp was noble or well-intentioned, Cox could not also turn a blind eye to specific infringement occurring on its network,” Judge O’Grady writes.


For my Data Management students.  Deliberate rounding error and failure to report “unknown” location?
Kansas couple sues IP mapping firm for turning their life into a “digital hell”
   As any geography nerd knows, the precise center of the United States is in northern Kansas, near the Nebraska border.  Technically, the latitudinal and longitudinal coordinates of the center spot are 39°50′N 98°35′W.  In digital maps, that number is an ugly one: 39.8333333,-98.585522.  So back in 2002, when MaxMind was first choosing the default point on its digital map for the center of the U.S., it decided to clean up the measurements and go with a simpler, nearby latitude and longitude: 38°N 97°W or 38.0000,-97.0000.
As a result, for the last 14 years, every time MaxMind’s database has been queried about the location of an IP address in the United States it can’t identify, it has spit out the default location of a spot two hours away from the geographic center of the country.


Perspective.  Yet another company that finds mobile used more than desktops.
Alibaba posts record growth as mobile revenue tops desktop for first time


Certainly novel.
Online used-car startup Carvana gets $160 million in new funding
Online used-car startup Carvana, known for delivering vehicles through vending machines, said today it closed a $160 million funding round that brought the total raised to nearly half a billion dollars.
   The company operates automated towers holding several cars.  A customer can buy a car online and can either pick it up from the vending machine or have it delivered.
At the machine, customers are required to enter their details on a tablet, after which they get a coin.  When the coin is inserted into the machine the ordered car is automatically delivered from the machine.


Perhaps a project for the Electrical Engineering class?  Few details.  Watch the video. 
This Startup Wants to Build a Drone-Proof Fence to Protect Your Property
   Linda Ziemba is the founder of Drone Go Home, a drone intrusion prevention system that offers mobile and permanent installations


If you send a message to a politician, do you expect them to re-lie?
Got something to tell the president? Try the White House's new Facebook bot


There are lots of ways to vary (twist) a business model.  A friend recently attended a seminar on “How to get around Denver” that talked about light rail, busses, Uber, and this one:
Driving Miss Daisy, Inc.

(Related) I found this one while searching for DMD.
GoGoGrandparent
An assistant for folks that don't like smartphones.

Wednesday, August 10, 2016

Hackers only do this because they find it so easy.
Australia Online Census Shutdown After Cyber Attacks
   as thousands of people headed to the official website Tuesday evening, a series of denial-of-service attacks -- attempts to overwhelm an online system to prevent people accessing it -- prompted authorities to take the site offline.
"It was an attack, and we believe from overseas," said David Kalisch from the Australian Bureau of Statistics, which organises the census.
"The scale of the attack, it was quite clear it was malicious," he told the Australian Broadcasting Corporation.
The census website was not back online Wednesday.


There must be more here than I’m seeing.  If I was a conspiracy buff, I might see some serious hackers behind this.  What might North Korea want in exchange for not shutting down all airline systems? 
Complexity makes airline computer systems vulnerable
   Why do these kinds of meltdowns keep happening?
The answer is that airlines depend on huge, overlapping and complex IT systems to do just about everything, from operating flights to handling ticketing, boarding, websites and mobile-phone apps.  And after years of rapid consolidation in the airline business, these computer systems may be a hodgepodge of parts of varying ages and from different merger partners.
These systems are also being worked harder, with new fees and options for passengers, and more transactions — Delta’s traffic has nearly doubled in the past decade.
   It is unclear exactly what went wrong at Delta.  The airline said it suffered a power outage at an Atlanta installation around 2:30 a.m. EDT that caused many of its computer systems to fail.  But the local electric company, Georgia Power, said that it was not to blame and that the equipment failure was on Delta’s end.
IT experts questioned whether Delta’s network was adequately prepared for the inevitable breakdown.
“One piece of equipment going out shouldn’t cause this,” said Bill Curtis, chief scientist at software-analysis firm Cast. “It’s a bit shocking.”
Curtis said IT systems should be designed so that when a part fails, its functions automatically switch over to a backup, preferably in a different location.  “And if I had a multibillion-dollar business running on this, I would certainly want to have some kind of backup power,” he added.

(Related) I wonder if one of the vulnerabilities was, “turn off the power?” 
Joshua Philipp reports:
Computer systems of Delta Airlines have suffered a “glitch” that is causing flight delays on the airline globally.  While the cause of the delays is still unclear, a group of cyber criminals was recently selling vulnerabilities to major airlines on the black market.
On Jan. 3, cybercriminals on a darknet black market run by Chinese state hackers published an advertisement for information and vulnerabilities in a long list of major airlines that included Delta Airlines, United Airlines, Japan Airlines, FedEx, and others.
Read more on Epoch Times.

(Related)  How to backup an entire country?
Estonia's "Data Embassy" Could be UK's First Brexit Cyber Casualty
The government of Estonia is one of the most cyber-aware governments in the world.  Recent reports have suggested that the country has been in discussion with the UK for the establishment of an overseas data embassy.  Those same reports suggest that Britain's decision to leave the European Union is making Estonia reconsider the UK, and perhaps favor Luxembourg.  If this is true, it could make the loss of business with Estonia the first major cyber casualty of the Brexit.
   Although the Ministry here describes the project as simply a data center, it has elsewhere used the term 'virtual data embassy'.  This is to differentiate the concept from simple backups that have been stored in overseas embassies for the last ten years.  Estonia is facing an issue now that will be faced by more and more nations as electronic government increases: secure mirrors will be required to ensure that the country itself doesn't face downtime in a catastrophe.  Estonia, of course faces the additional concern of physical incursion from its neighbor and one-time overlord, Russia.
Taavi Kotka, the Government CIO, wrote, "As part of this research project, we have evaluated methods to ensure that the data and services of and for our citizens, e-residents, and institutions are kept safe, secure, and continuously available.  Privacy, security, data protection, and data integrity are central to our government services."


A new (to me) resource!
What kind of month was July for breaches involving health information.  I counted 39 incidents reported during the month.  Read Protenus’s blog for an analysis of the incidents.
Update: Tom Sullivan of HealthcareITNews has a great write-up on the blog post.


I see a project for my Ethical Hacking students.
75 Percent of Bluetooth Smart Locks Can Be Hacked
Many Bluetooth Low Energy smart locks can be hacked and opened by unauthorized users, but their manufacturers seem to want to do nothing about it, a security researcher said yesterday (Aug. 6) at the DEF CON hacker conference here.


Something to amuse my Computer Security students.
25 Awesome “Bug Bounty” Programs for Earning Pocket Money
A bug bounty is a monetary payout for finding and reporting security holes in software.  If you have expertise in security protocols, you could make some extra pocket money hunting for bugs in popular apps and websites.
It’s also a great way to sharpen your skills and build your reputation as a security expert — to the point where you could be recruited by companies (or even the American government).  Here are the best bug bounty programs available in 2016.


Because the FBI has jurisdiction over all riots? 
Kristen V. Brown reports:
When the FBI sent secret spy planes to capture surveillance footage of the Baltimore protests of Freddie Gray’s death in 2015, the agency justified the aerial monitoring as necessary.  “Large scale demonstrations and protests” meant there was “potential for large scale violence and riots,” the agency wrote in an internal memo at the time.
Last week, the FBI released more than 18 hours of this footage in response to a FOIA request from the American Civil Liberties Union.  Captured by a thermal-imaging system with infrared cameras mounted to the plane’s wing, the footage was taken over five days during at least 10 surveillance flights.  The footage shows major Black Lives Matter marches, quiet neighborhood gatherings and near-empty streets.  It’s unclear if law enforcement acted on this footage in policing the protests.
Read more on Fusion.

(Related) Did the FIOA request ask about facial recognition?
Andrada Fiscutean reports:
Romania’s intelligence service is about to build a system to identify people taking part in street protests or talking on Facebook or Skype, according to four local human-rights groups.
In an open letter published on Monday, the groups said the system would be capable of running facial recognition on three million people.  It could also intercept online traffic without the consent of the users and will have unrestricted access to all public databases containing information about citizens.
Read more on ZDNet.


You know this is not going to die.  Ever.  (Translation:  When a politician says, “as far as I know” what he or she means is, “I’m staying deliberately ignorant, but I don’t want to admit that.” 
(Washington DC) – Judicial Watch today released 296 pages of State Department records, of which 44 email exchanges were not previously turned over to the State Department, bringing the known total to date to 171 of new Clinton emails (not part of the 55,000 pages of emails that Clinton turned over to the State Department).  These records further appear to contradict statements by Clinton that, “as far as she knew,” all of her government emails were turned over to the State Department


Is ad blocking the cyber-equivalent of muting the TV during commercials?
Facebook Will Force Advertising on Ad-Blocking Users
Facebook is going to start forcing ads to appear for all users of its desktop website, even if they use ad-blocking software.
The social network said on Tuesday that it will change the way advertising is loaded into its desktop website to make its ad units considerably more difficult for ad blockers to detect.  [Stealth ads?  Bob]


Interesting.  IT Architecture impacts brick and mortar architecture.  Surprising that delivery would be so different?
E-Commerce Forces Shift in Warehouse Building
The rise of online shopping is forcing warehouse builders to redraw the map of logistics hubs on the East Coast.


Politicians always feel virtuous when they can create a new “Sin Tax.”  Bet on it! 
State governments eye cash from fantasy sports
   More than half of the nation’s state legislatures are set to debate measures to codify the existence of daily and weekly fantasy sports sites, which could provide a lucrative new revenue stream for cash-strapped governments.


Forsooth!
CU offering certificate in ‘Applied Shakespeare'
BOULDER - Valorous news!  Thee can anon receiveth a c'rtificate f'r studying the fine w'rks of the greatest playwright the w'rld hast ev'r seen.
The above sentence is an example of “Applied Shakespeare,” which, coincidentally, is also the name of the latest graduate certificate offered by the University of Colorado – Boulder.


You know this headline caught my eye.  (Beer!  There’s an App for that!) 
This smart glass earns you free beer


For the toolkit.  Not necessarily for my Ethical Hacking students. 
How to Take Remote Control of Someone Else’s PC


Also for the toolkit.  Organize your projects!
11 Trello Tips and Workflow Features for Programmers
Trello is one of the best productivity tools to hit the scene in the past decade, mainly due to the power of visual organization.  It’s more than just a to-do list alternative.  It’s an entirely different paradigm, especially for programmers.


For my students.  I wonder if there is an index of these fairs? 
Virtual Career Fairs: An Effective Recruiting Tool For The IC
   One of the most popular questions I hear is, “Do these things [VCFs] work?  Do people really get hired from these events?” The answer is, unequivocally, YES.  I have worked with numerous students who have attended American Military University and American Public University’s National Security VCF in the past and have been hired due to the connections they made during the event.  While exact numbers can be hard to come by in the IC (for obvious reasons), the recruiters are returning again and again.
   The IC hosts an annual VCF; the last one was in March 2016.  If the recruiters weren’t finding high-quality talent at VCFs then flat-out, they would not attend or host them.


I think I will re-arrange my priorities like Wally’s.

Tuesday, August 09, 2016

Hackers can swipe your swipe?
Data Breach At Oracle’s MICROS Point-of-Sale Division
A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned.  More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
   MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide.


What’s a coffee addict to do?  (Never irritate your best customers!) 
Starbucks card glitches leave some customers steaming
Susan Gray, a teaching assistant in Royal Oak, Mich., was attempting to reload her Starbucks card on her phone’s Starbucks mobile app a few days ago when a message popped up saying, “We’re unable to process payment with the information given.”
Figuring there was something temporarily wrong, Gray tried to reload it again for $25 — unsuccessfully.  Despite four attempts, the $25 never showed up on her Starbucks account.  But she did get a call from her bank — which had flagged the transactions as possible fraud.
Gray is among an unknown number of Starbucks customers who are steaming over a days-old, still-unresolved tech glitch that’s left them unable to reload their Starbucks card, and in some cases, charged them for amounts that haven’t shown up on their Starbucks accounts.
   The card is also tied to the company’s hugely successful mobile app, which customers can use to pay, or even to bypass lines by ordering and paying straight from their mobile phones.  In the most recent quarter, 25 percent of all transactions were conducted with the mobile app,


For my Computer Security students. 
EFF – How to: Avoid Phishing Attacks
by Sabrina I. Pacifici on Aug 8, 2016
EFF Surveillance Self Defense – “When an attacker sends an email or link that looks innocent, but is actually malicious, it’s called phishing.  Phishing attacks are a common way that users get infected with malware—programs that hide on your computer and can be used to remotely control it, steal information, or spy on you.  In a phishing email, the attacker may encourage you to click on or open a link or an attachment that may contain malware.  Phishing can also occur via Internet chat.  It’s important to double-check links that are sent to you via email or chat.  Web addresses in emails can be deceptive.  Web addresses in mail may appear to say one thing, but if you mouse over them to see where they really point, they might show another destination address…”


Just suspects?  What exactly is “questionable activity?” 
You knew this was coming, didn’t you?  Wendy Lee reports:
The Department of Homeland Security is hiring in Silicon Valley — for drones.
Last week, technology entrepreneurs filled a Menlo Park conference room, where officials spelled out their needs — drones small and light enough to launch easily and fly over vast stretches of desert.  The machines would look for questionable activity, scan faces of suspects and compare them against a database for prior criminal history.
Drones already operate along the border.  Eight large Predator drones, each with a 66-foot wingspan, help agents with monitoring.  Donald Trump, the Republican presidential nominee, told a Syracuse newspaper in April that he wanted to expand the use of drones at the border, in addition to the wall he wants to build.
Currently border drones do not use facial recognition technology, which remains controversial.
Read more on AllGov.


For my Data Management students.  Even  your best customers can get you in trouble.
AT&T fined $7.7M over illegal phone charges
The Federal Communications Commission fined AT&T more than $7 million on Monday for allowing scam artists with alleged links to the drug trade to illegally place charges on customers’ bills.
   Federal authorities became aware of the scheme when the Drug Enforcement Agency learned that two companies suspected to be involved in money laundering and drug crimes were charging AT&T landline customers for directory assistance service that was never delivered.  Customers were charged roughly $9 each month, according to the commission.
Such scams, known as “cramming,” prey on the increasingly complicated nature of phone bills.


Well, doggle my boone.  Another government technology project wasting my tax dollars? 
The $47 Billion Network That’s Already Obsolete
The prize for the most wasteful post-9/11 initiative arguably should go to FirstNet—a whole new agency set up to provide a telecommunications system exclusively for firefighters, police, and other first responders.
   FirstNet is in such disarray that 15 years after the problem it is supposed to solve was identified, it is years from completion—and it may never get completed at all.  According to the GAO, estimates of its cost range from $12 billion to $47 billion, even as advances in digital technology seem to have eliminated the need to spend any of it.


How valuable are a billion new users?
Express Wifi Is Facebook's Second Attempt To Bring Internet Access To Rural India
After the public debacle Facebook got into with the net-neutral Indian public with its 'Free Basics' program, Facebook hasn't given up.  Taking pointers from the raging debate about net neutrality that Free Basics set off in India, Mark Zuckerberg has decided to toe the line.
In its latest efforts to get more people from rural India on Facebook, the company has introduced Express Wi-Fi that will let smartphone users purchase data from local internet service providers.
Simply put, Facebook will now provide only the software that will help ISPs and entrepreneurs sell data in rural areas, that will be accessible using Wi-Fi hotspots.


If at first you don’t e-commerce, buy, buy again!
Wal-Mart CEO Doug McMillon on what he saw in Jet.com
Wal-Mart's acquisition of Jet.com was in some ways a return to basics for the world's largest retailer.
"If Wal-Mart were starting today and we were building an e-commerce business some of the things that Jet designed into their approach would have been things we would have thought of and we would have wanted to do, and they've just done it from scratch," Wal-Mart CEO Doug McMillon told CNBC's "Squawk Box."


This could be good or bad, but it will definitely be worth looking into!
White House software code-sharing policy goes live
   The new Federal Source Code Policy also sets up a pilot program “that requires agencies, when commissioning new custom software, to release at least 20 percent of new custom-developed code as open source software (OSS) for three years,” Tony Scott, U.S. CIO and Anne E. Rung, chief acquisition officer, wrote in a memorandum to heads of departments and agencies on Monday.
   Making source code available as OSS could also help federal software projects, because private users would implement the code and publish improvements, allowing for collaborative benefits such as software peer review and security testing, sharing of technical know-how and reuse of code, according to the memorandum.
   The open source component of the new policy has its critics, who fear that the code could fall in the wrong hands and be misused.  In a post on Monday that tries to dispel myths around the use of open source, 18F wrote that there are several agencies that do classified work and release code that isn’t sensitive.  The National Security Agency has, for example, released code and documentation for its System Integrity Management Platform under an open source Apache license.  


For my Data Management students. 
New Gartner Magic Quadrant shakes up the file sharing world
The winners from this report would seem to be Box, Dropbox, Egnyte and Citrix Sharefile—all of which are (arguably) some of the earliest leaders in the space.


Thar’s gold in them thar job seekers. 
Job site Monster is being acquired by a Dutch recruiter for $429 million
Remember Monster.com? It was one of the first companies to harness the power of the internet to help connect jobseekers and potential employers.
It paved the way for the likes of LinkedIn and Glassdoor — as well as a new wave of snazzy job search apps, such as the so-called "tinder for jobs" Jobr (which it also acquired last month).
Now, Monster Worldwide has been snapped up by Dutch recruiter Randstad Holdings for $429m (£330.25m) in cash.


Just in case my students want to Photoshop something…
5 Awesome Adobe Apps That Are Completely Free
The company has recently been releasing several apps and programs for free.  And it has also turned some paid apps into free downloads, including the entire Creative Suite 2 (CS2) or Photoshop CS2 alone, and some of the best Android apps from 2015.